Showing 1 - 6 of 6

Files from Lucas Apa

KingView Log File Parsing Buffer Overflow: Posted Mar 23, 2013; Authored by Lucas Apa, juan vazquez, Carlos Mario Penagos Hollman | Site metasploit.com; This Metasploit module exploits a vulnerability found in KingView <= 6.55. It exists in the KingMess.exe application when handling log files, due to the insecure usage of sprintf. This Metasploit module uses a malformed .kvl file which must be opened by the victim via the KingMess.exe application, through the 'Browse Log Files' option. The module has been tested successfully on KingView 6.52 and KingView 6.53 Free Trial over Windows XP SP3.; tags | exploit; systems | windows; advisories | CVE-2012-4711, OSVDB-89690; SHA-256 | a222e0dccc97deceefae4025049d3943429ac06345a09773afe5955769586945; Download | Favorite | View

SIEMENS Sipass Integrated 2.6 Ethernet Bus Arbitrary Pointer Dereference: Posted Oct 31, 2012; Authored by Lucas Apa | Site ioactive.com; IOActive Security Advisory - A vulnerability exists within AscoServer.exe of SIEMENS SiPass during the handling of RPC messages over the ethernet bus. Insufficient sanity checking allows remote and unauthenticated attackers to corrupt a heap-allocated structure and then dereference an arbitrary pointer. This flaw allows remote attackers to execute arbitrary code on the target system, under the context of the SYSTEM account, where the vulnerable versions of SIEMENS SiPass Integrated are installed. More advanced payloads could modify the behavior of the application’s internal controllers to unlock doors, control specific hardware, or expose businesses to other security risks. SIEMENS SiPass Integrated versions MP2.6 and earlier are affected.; tags | advisory, remote, arbitrary; SHA-256 | 6c360fd7a497194cefa22ee03fee415561bb9f756de284b4f7fa3b2eae5e5953; Download | Favorite | View

TornadoStore 1.4.3 Cross Site Scripting: Posted Jun 30, 2010; Authored by Lucas Apa | Site bonsai-sec.com; TornadoStore versions 1.4.3 and below suffer from cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2010-1328; SHA-256 | 92c1121c6831c5a577d60e10a6710d9a1c246a997843d48ddab155167b739e84; Download | Favorite | View

TornadoStore 1.4.3 SQL Injection: Posted Jun 30, 2010; Authored by Lucas Apa | Site bonsai-sec.com; TornadoStore versions 1.4.3 and below suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2010-1327; SHA-256 | 25be905489a49bf4bbf76c69ef780de90aa2d098b47076f2a88ba1827cac2697; Download | Favorite | View

Apache OFBiz SQL Injection: Posted Apr 16, 2010; Authored by Lucas Apa; The cross site scripting / input validation vulnerability in Apache OFBiz can also be leveraged to run arbitrary SQL commands. This archive has two javascript proof of concepts inside.; tags | exploit, arbitrary, javascript, xss, proof of concept; advisories | CVE-2010-0432; SHA-256 | 869b4a38f24b51ae270bb2efcdf64a5e06a74983af574cc256cfac9b7319620a; Download | Favorite | View

Apache OFBiz Cross Site Scripting: Posted Apr 16, 2010; Authored by Lucas Apa; Apache OFBiz suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2010-0432; SHA-256 | 5501fd94fda2e20c6ca17ba0bca565a5b103589958224155c187e9a10853c7d5; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days